That is accurate, and is an unfortunate consequence of Dero having taken the code closed-source, which was just shortsighted and unnecessary. That action irrevocably shifted things from a "trust in the code" situation to a "trust in the team" one. Which itself is fine, so long as a person has a clear understanding that this is what they are doing.
Shockingly, we are in at least partial agreement. In an earlier post to this thread I basically said you can have anonymous devs or closed source but not both.
Yes, we are in agreement on that; it's my initial litmus test for any new project. If asked to choose between the two, I'll take the anon dev + open source scenario, as it's pure do-it-yourself (neither cheap nor easy to successfully bring suit against legal entities, let alone internationally).